2015-03-27

If you want to be the best woodchopper, you need to sometimes sharpen your tools. In information security, this mean keeping track of the latest threats, vulnerabilities, attack methods, and news. Yet, most IT folks barely have the time to go home and sleep. If you struggle to follow security news yourself, my weekly video summarizes the big stuff for you.

In this week’s episode, I cover a new unlikely attack technique, warn you about dangerous documents, and notify you of the latest router patches. See all this and more in the video below, or just follow the links in the Reference section if you prefer.

(Episode Runtime: 11:18)

Direct YouTube Link: https://www.youtube.com/watch?v=ydnP5dZCeGA

EPISODE REFERENCES:

Monday: Twitch Account Breach – Daily Security Byte EP.50

Twitch account warning blog post – Twitch

Article on all Twitch accounts getting reset – Network World

Twitch makes passwords short after the breach. What!? – IT Pro

Twitch Attack probably included CC data – The Inquirer

Tuesday: BitWhisper: Hacking with Heat – Daily Security Byte EP.51

Ben-Gurion Cyber Security lab post on Bitwhisper – BGU.ac.il

Great Wired article on Bitwhisper -Wired

What is TEMPEST – Wikipedia

More information and videos about TEMPEST – Climate Viewer

Wednesday: Disregard Dangerous Documents – Daily Security Byte EP.52

Macro-based malware gaining traction – Help Net Security

Trend Micro reports on increase in macro malware -Trend Micro

Thursday: Win2003 EoL Danger – Daily Security Byte EP.53

Microsoft Windows Server 2003 migration page – Microsoft

Death of Win2003 is a big security threat – IT Pro Portal

Five security risks with Win2003 EoL – CIO

Friday: Cisco Routers Need Patching – Daily Security Byte EP.54

Cisco IOS admins should get the latest patch – Computer World

Cisco’s advisory on IOS ANS vulnerabilities – Cisco

EXTRAS:

Car hacking history (I made this prediction in 2010) – CNET

Canadian Government into cyber espionage too – The Intercept

Over 700K ISP issued routers still suffer from old vulnerabilities – PC World

Interesting OpEd on whether or not DNSSEC is worth it – The Register

Apple seems to be removing some iOS anti-malware apps – The Register

Windows Mobile password unmasking vulnerability – Windows Central

Protecting the power grid – USA Today

$60 dollar car hacking tool – Wired

Interpol says bad guys can hide porn and malware in virtual currencies – Kaspersky

Akamai says most 2014 attacks came from China (US a close 2nd) – Network World

PoSeiden: Cisco finds new PoS malware – Tech Radar

New debugger helps find integer overflow vulnerabilities – Threatpost

Attackers can still hijack APK installers to force Android malware – PCMag

“ISIS hacker” probably just searched google – Motherboard

Ransomware hits New Jersey school – iDigitalTimes

New RC4 weaknesses exposed

The RC4 Bar Mitzvah attack – Security Week

Dark Reading covers Bar Mitzvah – Dark Reading

Two RC4 weaknesses disclosed recently – Ars Technica

What out for Apple-themed phishing emails – Help Net Security

More “adult” sites (Xtube) redirecting to malware – Help Net Security

Many hotels exposed to router vulnerability – Wired

Blue Coat tries to cover up a security talk – Forbes

New router malware injects Ads and porn into other websites - Digital Trends

Another Bitcoin exchange hacked (why do ppl use it?) – ZDNet

Github suffered a DDoS attack on Thursday – Motherboard

Let dice help with long passphrases – Gizmodo

Your Fitbit is probably not that secure (big surprise there) – IT Pro Portal

Spear Phishing is the most popular APT technique – Tech Crunch

Attackers gained access to working Google certs again – ZDNet

Top 10 web hacking techniques of 2014 – Whitehat Security

Unpatch Amazon XSS flaw – The Inquirer

All browsers hacked (as usual) at Pwn2Own – BGR

Kevin Mitnick hacked the audience at CeBIT – PC Pro

— Corey Nachreiner, CISSP (@SecAdept)

Show more